<?php
    session_start(); 
    if (!isset($_SESSION['utente'])){ 
    	exit("Accesso negato"); 
    } 
    else {
    	include 'connect.php';
	    $sug_nome = mysql_real_escape_string(htmlspecialchars($_POST['sug_nome'])); 
	    $sug_url = mysql_real_escape_string(htmlspecialchars($_POST['sug_url']));
	    $sql = "INSERT INTO suggested (sug_nome,sug_url) VALUES ('$sug_nome','$sug_url')"; 
	    $result = mysql_query($sql,$conn) or die ("Errore nella query: " .mysql_error());
	    echo '<script language=javascript>document.location.href="./../suggested.php"</script>';
	}
?>